We performed a comparison between Fortinet FortiSOAR and Palo Alto Networks Cortex XSOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"It has basic out-of-the-box integrations with multiple log sources."
"The initial setup is very simple and straightforward."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"It has a lot of great features."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"It has a quick detection and response time."
"The solution is easy to implement and includes 450 built-in connectors."
"It's great that the solution is integrated with FortiAnalyzer."
"Fortinet FortiSOAR is a very interactive and user-friendly solution."
"We use the product for security."
"The most valuable feature of Fortinet FortiSOAR is the number of available connectors and the simplicity to start to automate."
"The most valuable feature of Fortinet FortiSOAR is the playbook, which has to be defined to apply the policies."
"The product can be automated for network security purposes. The solution offers a great security automation response."
"It has an extensive list of integrations that are available out of the box which makes it easy to start."
"It is a scalable solution. I would rate scalability a ten out of ten."
"What I like most about Palo Alto Networks Cortex XSOAR is how user-friendly it is for development. It is much simpler to work with compared to similar tools I've used."
"The most valuable features are the orchestration because of the way in which it coordinates the loss from all the devices and it provides us with a high-level overview of the critical log information."
"The solution provides threat intelligence with EDR."
"It was useful as a ticketing tool."
"The most valuable features of Palo Alto Networks Cortex XSOAR are its overall track record and features that fit our use case."
"Many different playbooks are available and can be customized."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"The playbook is a bit difficult and could be improved."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"Azure Sentinel will be directly competing with tools such as Splunk or QRadar. These are very established kinds of products that have been around for the last seven, eight years or more."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"The technology and integrations are important so should continue to be enhanced."
"Technical support could be improved."
"The solution doesn't connect well with the network devices."
"Fortinet's tech support overall is not great when they are at their best."
"Fortinet FortiSOAR should improve its analysis."
"I don't currently see where the solution is lacking features. For us and for our clients it works very well and we're pleased with it."
"The area that needs improvement is integration with multiple third-party vendors."
"Fortinet FortiSOAR should add more documentation for some use cases."
"The solution’s price and technical support could be improved."
"The configuration of the solution could improve; it is difficult."
"The user interface could be a bit better."
"Palo Alto Networks Cortex XSOAR lacks SIEM functionalities currently."
"In terms of improvement, it needs to be more modular. It's not. When you're working in layouts and you create specific apps within layouts, there's no portability right now in order to reuse that code across multiple layouts. I can't take a tab and say I want to use this tab on these other layouts. I have to physically go in there and recreate it from scratch, which is maddening."
"I would like to see Cortex become less dependent on Active Directory and group policies to manage the deployment. Maybe I need to update my understanding of how to deploy it, but that's the way I know how to use it."
"Previously, when Demisto was, there was a community edition; we could use it, reinstall it, and customize it. Since Palo Alto took over, it has become more financially oriented. It's business, but they could offer a pro model and a lighter model for different needs."
"The solution's correlation rules and playbooks should be improved."
Fortinet FortiSOAR is ranked 10th in Security Orchestration Automation and Response (SOAR) with 12 reviews while Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews. Fortinet FortiSOAR is rated 7.4, while Palo Alto Networks Cortex XSOAR is rated 8.4. The top reviewer of Fortinet FortiSOAR writes "A stable solution that has a number of available connectors and is simple to automate". On the other hand, the top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". Fortinet FortiSOAR is most compared with Splunk SOAR, Swimlane, ServiceNow Security Operations, Cisco SecureX and SECDO Platform, whereas Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Swimlane, IBM Resilient and ServiceNow Security Operations.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.